MISC BERHAD, INTEGRATED ANNUAL REPORT 2024, pages 194-195. SECTION 12: GOVERNANCE. www.miscgroup.com

Statement on Risk Management & Internal Control

RISK MANAGEMENT AND RESILIENCY

The Group adopts the PETRONAS Resiliency Model, which provides an integrated view for managing risks effectively, with the primary focus on three areas of business resilience as shown below:

MISC Resiliency Model

1. Enterprise Risk Management (ERM): To reduce the likelihood and impact of the identified risks that may affect the achievement of business objectives.
2. Crisis Management (CM): To prepare the Group to respond to and manage crises in the risk areas, to protect people, environment, assets and reputation.
3. Business Continuity Management (BCM): To build the capability of the Group to recover and continue the operations of critical business functions in the event of disruptions.

The Group’s risk management practices are continuously assessed for enhancements, and these are supported by the relevant risk management frameworks and guidelines to govern and guide the risk management practices across the Group.

ENTERPRISE RISK MANAGEMENT

Risk Policy

MISC’s Risk Policy guides the overall best practice of identifying, evaluating, managing, reporting and monitoring the ever-changing risks faced by the Group and specific measures to mitigate these risks. The emphasis is to effectively reduce the impact of risks, respond to immediate risk events and recover from prolonged business disruption to ensure continuity and sustainability of key business activities as well as delivery of strategic and business objectives. It also outlines the general principles for making risk-based decisions, thus strengthening MISC Group’s position as a risk-resilient organisation.

MISC is committed to becoming a risk-resilient organisation. MISC shall continuously strive to implement:

• Risk management best practices to protect and create value within the set boundaries; and
• Risk-based decision-making by providing a balanced and holistic view of exposure to achieve business objectives.

Managing risk is everyone’s responsibility.

Risk Appetite

The Group’s Risk Appetite defines the acceptable level of risks and boundaries that the Group is willing to assume in pursuit of its strategic and business objectives. The Group’s Risk Appetite is demonstrated by way of Risk Appetite Statements, which express the organisation’s context for managing and taking risks. This is further supported by Risk Tolerances and Thresholds, which reflect the maximum risk that can be undertaken with a metric that can be measured and managed.

The Group’s Risk Appetite is integrated into the MISC Business Plan, Strategic Priorities and Group’s decision-making framework to enable the Group to navigate the risk landscape and build resilience as we pursue our business objectives.

For the year under review, the Group’s Risk Appetite was approved for review and monitoring which covered five key areas in line with the business strategies and performance expectations.

RISK APPETITE

01 FINANCIAL
• Cash Flow
• Cost of Debt
• Liquidity
• Leverage/Gearing Ratio

02 STRATEGIC
• Capital Investment Returns
• Emissions

03 LEGAL & REGULATORY
• Critical Laws and Regulations
• Bribery and Corruption

04 REPUTATION
• Brand Reputation

05 OPERATIONS
• Project Schedule & Cost
• Fatality
• Major HSSE Incidents
• Cybersecurity

Enterprise Risk Management Framework

The Group’s Enterprise Risk Management Framework is generally aligned with the Principles and Guidelines of ISO 31000:2018 and provides a standard approach in implementing the elements and processes to identify, assess, treat and monitor the risks impacting the Group. The established processes enable the identification and management of principal risks of the Group as described in Risks and Mitigation Strategies on pages 65 to 69 of this Integrated Annual Report.

Appropriate internal control systems are also implemented to manage these risks, details of which are set out in the following pages.